VIA3 is already in use at known healthcare institutions in the United States for administration, meetings, and remote medical doctor presence.
VIA3 and HIPAA Compliance
Protecting a patient's privacy has always been of paramount importance in the healthcare industry. The last few years, however, have brought about entirely new privacy and security requirements that require compliance from more than just a patient’s primary care physician or the emergency room staff. The Health Insurance Portability and Accountability Act (HIPAA) of 1996, which stipulates that ALL methods available should be used to ensure a patient's privacy is maintained, affects nearly every organization that collects, stores, or transacts protected health information (PHI).
Health plans, healthcare providers, healthcare clearinghouses, information systems vendors, universities and even human resource personnel handling employees’ private health information at their employers are all required to meet compliance, and the penalties for non-compliance can be severe (i.e. up to $250K and/or imprisonment up to 10 years for knowing misuse of individually identifiable health information).
The HIPAA Security Rule required complete compliance by April 21, 2005. If you’re one of the almost 40 percent of affected organizations (according to the American Hospital Association) still struggling to comply, then re-examining the key privacy and security requirements – and comparing them to how you communicate PHI now – should get you another step closer.
The Key Requirements of HIPAA
HIPAA strongly regulates how PHI may be used, and when and how it may be shared with business partners. HIPAA required the Department of Health and Human Services to establish new rules designed to ensure patient privacy, patient safety and quality of medical care. More specifically, these rules require the establishment of:
1. Standardization of electronic patient health, administrative and financial data (Basically, implementing a national standard – or one format – for PHI documents and codes within the documents, to simplify and improve transaction efficiency)
2. Unique health identifiers for individuals, employers, health plans and health care providers
3. Security standards protecting the confidentiality and integrity of "individually identifiable health information," past, present or future.
While the first two requirements appear fairly easy to understand and implement, the third requires more details. In fact, it’s been divided into two “steps” that give those affected myriad guidelines that build off each other.
1. The Privacy Rule, which required compliance for most organizations by April 14, 2003, requires affected organizations to guard against misuse of personally identifiable health information and limit the sharing of such information, whether or not the information has been in electronic form. The Privacy Rule also grants consumers significant rights regarding the use and disclosure of their health information, including letting them determine who can have access to their information. It also establishes business associate agreements that impact how business associates (such as information technology vendors) can access and disclose PHI.
2. The Security Rule, which required compliance by April 21, 2005, requires affected organizations to implement basic safeguards to protect electronic PHI from unauthorized access, alteration, deletion, and transmission. The security standards define the administrative, physical, and technical safeguards to protect the confidentiality, integrity, and availability of electronic PHI. Required safeguards include application of appropriate policies and procedures, safeguarding physical access to electronic PHI, and ensuring that technical security measures are in place to protect networks, computers and other electronic devices.
The administrative, physical, and technical safeguards to protect the confidentiality, integrity, and availability of electronic PHI include such significant requirements as:
• Assigning a unique name and/or number for identifying and tracking user identity
• Implementing a mechanism to encrypt and decrypt electronic protected health information
• Implementing hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use electronic PHI
• Implementing policies and procedures to protect electronic PHI from improper alteration or destruction
• Ensuring authentication, access controls and access monitoring, in part by requiring proper use of user IDs and passwords to make certain that any user claiming access to a system is who he/she claims to be
One Step Towards Compliance: Collaborating on HIPAA-Compliant Online Meeting Software
So if you’re not already in full compliance with HIPAA, what can you do? Examine how you are currently communicating PHI and look for alternatives. One alternative that will get you closer to HIPAA compliance is to integrate online meeting technology from an enabling “business associate” such as VIA3 Corporation into your organization. For example, VIA3® Assured Collaboration Service from VIA3 will take care of many of the requirements set forth for managing electronic PHI in HIPAA’s strict security and privacy rules, as the service:
• Completely encrypts ALL data transmitted during an online meeting from sender to receiver—and back again—using Advanced Encryption Standard (AES).
• Enables full authentication, access controls and access monitoring to ensure that only appropriate individuals will have access to PHI.
• Enables you to store PHI in online workspaces where only those you permit to access them can do so.
• Does not store passwords but lets you easily create unique user identities and change passwords as necessary.
• Provides both audio and video components, enabling identification of meeting attendees by their voice and face. If a meeting is conducted without personal “identifiers,” hackers can sit in, uninterrupted, on confidential meetings.
• Logs who was in an online meeting or alerts you to changes in a document or file.
• Only allows those with “owner” permissions to change or delete documents or files.
VIA3 prides itself on adhering to leading industry standards and forging new ground to secure sensitive communications over the Internet. Built for professionals who require total confidentiality and complete privacy in all their communications, VIA3 Assured Collaboration Service can offer your healthcare-related organization the functionality, support and education you need to communicate PHI securely in a timely and efficient manner.